BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

December, 2010

hands

Privileged Accounts are Pervasive and Problematic

Posted December 13, 2010    Peter McCalister

If someone is walking around your organization with t-shirt that says “Bow before me, for I am root.,” then you will have a big problem on your hands when the auditors come around or if a hacker decides to target your company for theft or cyber sabotage.

blowfish-98x98

My Holiday Basket of Favorite Utilities

Posted December 13, 2010    Morey Haber

Regardless of your career as a security researcher, penetration tester, technical writer or sales person, you probably have a few utilities on your computer that are a “must have” for daily operations. Some of them are probably unique to your position like a port scanner and others more generic like a file compression utility. Everyone…

lock

Top 10 Reasons To Implement Least Privilege for Virtualized Servers

Posted December 10, 2010    Peter McCalister

In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format. So without further fanfare or wasted space… the Top 10 Reasons to Implement Least Privilege for Virtualized Servers are:

CNN Interview: Inside the Mind of a Computer Hacker

Posted December 10, 2010    Marc Maiffret

CTO Marc Maiffret discusses the recent DDoS attacks related to the recent Wikileaks:  

Tags:
, ,
MR

More Than Just Patch Management for Remediation

Posted December 9, 2010    Morey Haber

I have been combing though some vulnerability reports and the vast majority of remediation strategies revolve around applying a patch. Simple in concept; install this patch, and the vulnerability is mitigated. The difficulty arises when you have vast quantities of the patch to deploy, are unsure whether the security update breaks any other function or…

Tags:
, , , , , , ,
ipad pic

UK Steps Up Breach Laws and Strengthens Need For Least Privilege

Posted December 9, 2010    Peter McCalister

The internet has been buzzing with news of political change in the UK, where consumers are demanding US-like fines, regulations and notification rules regarding data breaches. Earlier this month Network World reported the Information Commissioner fined two organizations 160,000 pounds in two of their first fines for “serious” data breaches. Yet despite the new fines, consumers in the UK still want more protections and disclosure rules, so says 5,000 UK consumers in one survey.

Verizon Data Breach

Verizon’s 2010 Data Breach Report and Desktop Security

Posted December 8, 2010    Peter McCalister

If you have not read the Verizon 2010 Data Breach Investigations Report (a study conducted by the Verizon RISK Team in cooperation with the United States Secret Service), it is time to download and read this report and give it some attention. This report is comprehensive and is of great value for IT security specialists. The information is an eye-opener and guides management in the correct direction when trying to find the best solution to secure their IT infrastructure.

insider-threat

WikiLeaks: The Disease or the Symptom?

Posted December 7, 2010    Peter McCalister

How much press will we have to endure on the significant problems created by WikiLeaks and the public lynching of those who perpetrate these leaks before we realize that if you give someone an inch (excessive admin rights) they will take a mile (misuse that privilege)?

2010 Year in Review by CEO Kevin Hickey

Posted December 7, 2010    Kevin Hickey

Kevin Hickey, CEO of eEye Digital Security, addresses customers, partners, and prospects with a year-end review of 2010. First, he announces the launch of the new Retina CS 2.0 solution and covers what eEye promised at the beginning of the year and what they delivered, then introduces you to where the company is headed in…

Tags:
, , ,
gold-bar

How Much is Goldman’s Code Worth?

Posted December 6, 2010    Peter McCalister

The trial of a former Goldman Sachs programmer accused of stealing source code to take to a competitor has begun in somewhat of a public spectacle. The Wall Street Journal unveiled some particularly interesting details. For example, the programmer was one of the highest paid in the company with a $400,000 annual salary, but competitor Teza Technologies offered him over $1 million in total pay including a $700,000 bonus.